If trying to access via ssh you can add to sshd_config file
# you gonna want root group.... AllowGroups root blabla bla2 bla3
Using sssd to map the groups in linux
my .02
On Wed, Feb 19, 2020 at 1:01 PM Michael Ströder michael@stroeder.com wrote:
On 2/19/20 9:55 AM, Клеусов Владимир Сергеевич wrote:
I connected ldap linux clients to the OpenLDAP server. I need to make a certain group of users able to connect to certain computers. How do I do this ?
With most LDAP posix user management deployments you have to configure the Linux clients to query only certain user groups or configure other PAM access control or similar.
My Æ-DIR (based on OpenLDAP) provides views to the Linux clients based on hosts' service group membership and the user groups referenced:
https://www.ae-dir.com/docs.html#er-roles
So no need to configure the clients (except bind-DN and host password).
If you have many clients consider using aehostd for better search performance / less load (see https://ae-dir.com/aehostd.html).
Ciao, Michael.